Cyber Security Fleet Manager, Gloucester

At EDF, success is personal. Here you’ll develop a career that’s unique to you. Whether you want to move horizontally, deepen your specialty, or advance through the levels — it’s your journey, powered by us. Join us and be part be of our mission to help Britain achieve Net Zero

The Opportunity

As our Cyber Security Fleet Manager, you will communicate and oversee cyber security best practices and risk management in the operational technology (OT) environment and champion their adoption and implementation across all our nuclear stations. You will provide strategic direction and coordination of activities across our nuclear sites , working collaboratively with Station Cyber Leads, the Business Information Security Officer (BISO), the Portfolio Manager and Nuclear IT Services and Nuclear Security.

Gloucester is the base location for this position, however we will consider other locations as there will be a requirement to travel across our nuclear fleet.

Pay, benefits and culture

Alongside a competitive salary from £90,000 pa, we offer a competitive benefits package, including a company pension scheme, and a wide range of flexible benefits to suit your lifestyle.

At EDF UK, we embrace flexibility while recognising that everyone's working needs are different. Whether you're in our office spaces, on site, or working remotely, we promote an environment that supports collaboration, connection, and comfort. No matter where you are, our priority is to make sure you feel safe, valued, and celebrated.

Here, we do right by each other and everyone’s welcome. We’re on an action-oriented journey, championing equity, diversity, and inclusion. We’d like our future workforce to have an equal gender balance, represent a broad mix of people from minority ethnic backgrounds, LGBTQ+, those with a disability and supporting social mobility.

We’re a disability confident employer and we’ll do all we can to help with your application. Please let us know if you need to request reasonable adjustments.

We take pride in fostering a dynamic and inclusive environment, where the diverse backgrounds and experiences of our employees drive fresh thinking and innovation. We understand that success means different things to different people. We believe there are multiple definitions of what it means to succeed. That’s why we support you to pursue a career that’s unique to you. Because success is personal.

What you’ll be doing

This position is a critical interface between the Senior Information Risk Owner (SIRO) and nuclear stations, proactively embedding cyber security effectiveness and efficiency, and providing insights to the Business Information Security Officer ( BISO) to further enhance strategy.

You will be responsible for:

Cybersecurity Compliance:

• • Validate that all nuclear stations are implementing and complying with cybersecurity processes and regulatory requirements.
  • Regularly visit nuclear stations to audit their cybersecurity practices and provide hands-on support to address any gaps in their security posture.

Security Risk Management:

• • Support the process of conducting comprehensive Security Risk Assessments at each nuclear station to identify potential vulnerabilities and threats.
  • Perform routine and regular reviews of these assessments to ensure that all risks are managed proactively and that mitigation strategies are updated accordingly.

Operational Technology Asset Management:

• • Support the development and maintenance of a detailed OT asset inventory, which includes the documentation of all hardware, software, and firmware associated with nuclear operations.
  • Support the implementation of network monitoring protocols to detect and documentation of new assets connecting to the network, confirming that all assets are classified and managed in line with the EDF UK policies.

Data Security Enforcement:

• • Support the enforcement of strict controls on the use of removable media and other data transfer methods to prevent unauthorised data leakage and ensure compliance with security requirements.

Identity and Access Management:

• • Support effective use of the processes for onboarding, transferring, and disposing of user accounts, ensuring that access rights are granted appropriately and revoked when no longer needed.
  • Check that manual account access requests are fulfilled when automated systems are not in place, while also managing segregation of duties to minimise insider threats.
  • Support the conduct regular audits of accounts with access to critical systems and applications, especially those processing Sensitive Nuclear Information (SNI), to prevent unauthorised access.

Training and Cybersecurity Awareness:

• • Champion a strong cybersecurity culture within the business by supporting the delivery of training programmes.
  • Hold station managers accountable for the completion of cybersecurity training within their teams and provide support where necessary to achieve this goal.

Technology Infrastructure Resilience:

• • Support the development and documentation of comprehensive network architecture diagrams that reflect the current and planned state of the nuclear stations' network infrastructure.
  • Support the periodic review and update these diagrams to ensure they accurately represent the network's resilience to cyber threats and are in line with technological advancements.

Security Monitoring and Reporting:

• • Support the scope and processes for security monitoring across the Nuclear Operations business, ensuring that all critical assets and infrastructure are under continuous surveillance.
  • Collaborate with the SOC team to establish reporting protocols for suspicious activities or incidents and implement special monitoring requirements for SNI and OT networks.
  • Support periodic security reporting to provide insights into security trends, attack patterns, and the effectiveness of the incident response.

Incident and Crisis Management:

• • Support readiness of the Incident Management Team to support and manage cybersecurity incidents as they arise.
  • Support the coordination and response to security incidents within Nuclear Operations, ensuring that triage, containment, and mitigation processes are effective and minimise impact.
  • Document and disseminate lessons learned from security incidents to all relevant parties, enhancing the overall preparedness and response capabilities of the organisation.

Regulatory Compliance, Interface and Documentation:

• • Maintain a thorough understanding of nuclear industry regulations and ensure that all cybersecurity practices are compliant with legal and regulatory requirements.
  • Support reporting of security processes and incident reports meticulously, raising change requests (CRs) where necessary to improve security measures and compliance.

Who you are

As a minimum, you will have an Engineering or Science degree and ideally be chartered in an Engineering / science discipline. You will be experienced in regulatory engagement in a nuclear environment and typically, have a background in power plant operations, engineering, or technical and safety disciplines with management experience. SC vetting level will be a requirement.

You’ll be a cyber specialist with technical aptitude and proven experience in cybersecurity, operational technology/ICS within a nuclear energy or similarly regulated industry with qualifications and certifications in Information Security, Operational Technology/Industrial Controls Systems and Risk.

Knowledge of industry security standards and frameworks; technical security principles, particularly in the context of OT and critical infrastructure is key, alongside proven experience in leading and coordinating incident response efforts in a high-stakes environment.

You’ll have knowledge and experience of relevant regulations and policy including Nuclear Industries Security Regulations (NISR 2003) and Data Protection Act (2018) and a good understanding and practical experience of cyber security threats and risks.

You will also have experience of relationship building and stakeholder management at all organisation levels, internally and externally.

For any questions or queries regarding this role, please get in touch with: hannah.clark@edfenergy.com

Applications for this role close on 15th December 2024, with interviews to be held on 9 January 2025 in Gloucester.

Join us and together we can help Britain achieve Net Zero.

#DestinationNuclear #EDFjobs